Abstract
Quantitative security risk evaluation of information systems is increasingly drawing more and more attention. This paper extends the attack tree model, and proposes a new quantitative risk evaluation method .While the risk value of the leaf node (atomic attack) is quantified, the multiattribute utility theory is adopted. All algorithms are presented for each steps of this new evaluation method. In addition, a worked example is also experimented in this paper. The experimental result shows that the novel method can not only make the evaluation result more reasonable and objective, but also offer a good foundation for the implementation of the automatic evaluation tool.
Original language | English |
---|---|
Title of host publication | Proceedings - 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology, FCST 2007 |
Place of Publication | Los Alamitos, Calif |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 67-73 |
Number of pages | 7 |
ISBN (Print) | 0769530362, 9780769530369 |
DOIs | |
Publication status | Published - 2007 |
Event | 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology, FCST 2007 - Wuhan, China Duration: 1 Nov 2007 → 3 Nov 2007 |
Other
Other | 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology, FCST 2007 |
---|---|
Country/Territory | China |
City | Wuhan |
Period | 1/11/07 → 3/11/07 |